Until recently, I was using Dropbox Vault, a feature that allowed me to store sensitive files in a secure folder that required a specific password each time it was opened. This provided an extra layer of protection for confidential files without having to manually encrypt each document.
Since this service has been discontinued, I am looking for an alternative and have turned to NextCloud. I noticed that there is an end-to-end encryption application, but what I am looking for is slightly different: I would like a secure folder that requires a separate password every time it is opened, a password that I define myself.
Is there a built-in solution or a plugin that can replicate this behavior on NextCloud? Any suggestions or recommendations are welcome!
When you setup 2-Factor-Authentication, you can have backup codes, which come a bit like these one-time passwords.
If it is just to secure the access, perhaps just consider using 2-Faktor-Authentication. You can have hardware-tokens (U2F) that are easy to handle.
If you don’t trust the server admin (or just in case), end-to-end encryption is a good additional layer of security. I have also used containers (e.g. VeraCrypt), however handling is a bit more complicated as you need to decrypt the container and you need the corresponding software installed.
I’m not necessarily looking for perfect file security system, just a simple password prompt to prevent access to sensitive folders when I lend my computer. Encrypted containers like VeraCrypt are an option, but they’re too cumbersome for this use case.
Ideally, I’d like a built-in Nextcloud feature or plugin that requires a password to open specific folders, available on my computer and my phone. Something really similar to Dropbox Vault would be perfect.
If anyone knows of a solution, I’d appreciate your suggestions.
May be a bit cumbersome, but since I run my own Nextcloud installation, I just created a second user that I only login when I need the “secure secure” files.
From what I understand the normal passwords that can be set on shares is not sufficient for you (because it does not ask for the password if you are not using the particular share).
There is also Passwords - Apps - App Store - Nextcloud - a password safe (where you can add notes and other properties), but I do not use that so I do not know when exactly it asks for the password, but you can try if that fits your needs.
Personally I would never ever lend my computer if I am not sitting next to the person using my computer - never.
Another use case I would have similar to @Goldan would be as you said @mwildam the passwords. So in my case KeepassXC requires another password for me to access the sensitive content.
Just to make sure we’re all talking about the same thing here:
The idea behind Dropbox Vault—or at least what it was before this happened—is that the data stored in the Vault is encrypted. More specifically, the reason it required an extra password wasn’t just to add another layer of protection like 2FA, but because that password was (or should have been) used to decrypt the data client-side. In theory, this would protect your data not only from external access but also from Dropbox itself, including server administrators.
Also, for the Nextcloud Passwords app or when storing a KeePass file in Nextcloud, you don’t need such a feature, since the Passwords app already does for its password database what Dropbox Vault was meant to do for files: it encrypts the data in a way that ideally even the server admin can’t access. And if you store a KeePass file in Nextcloud, you don’t need any additional features from Nextcloud either—because KeePass files are already encrypted and password-protected by design.
However, a feature like Dropbox Vault can make sense—for regular files that aren’t already encrypted by another app. And guess what? That kind of feature does exist in Nextcloud—it’s called End-to-End Encryption.
That said, as far as I know, it only works on the client side. Meaning: files and folders encrypted this way can’t be accessed via the Web UI. I could be wrong about that last part, though—happy to be corrected.
KeepassXC is a great tool, you also can add file attachments and it keeps a history, but does not encrypt folders. What you could do, is to use gocryptfs or cryfs to encrypt a local folder and sync that via nextcloud desktop sync tool. Obviously then you cannot use that through NextCloud web interface.
Correct, I guess it’s best to wait for the OP @Goldan if there’s something specific he needs. I am just providing my use case which may be what he in the end may be looking for. Especially since I did try out the “vault” facility at one point but found that KeepassXC just does what I would need.
I mean short of ahem media, what I used to do is just store a text file of my tokens in the vault side (to see how well it works). However, I stopped in the end because I don’t really want to rely on an external provider to hold onto my files and supposedly expect that they can’t look at the files due to E2E-encryption.
Or using a work computer to access your cloud files so you may not trust the admin of the work PC.
